Tuesday, October 18, 2016

Wireless Packet Capture with macOS

One of my favorite things about macOS (formerly OS X) is how easy it makes wireless packet captures, compared to Windows.

In older versions of OS X, the Wireless Diagnostics tool provided a fast and simple way to capture wireless frames on a specific channel. 

To use it, you had to open Wireless Diagnostics with Spotlight, type in your password, open the Sniffer window, and finally select a channel and start the capture. As soon as the capture was stopped, a ".wcap" file was placed on your desktop, ready to be opened up with your favorite packet analysis software.

macOS Sierra brings a change that I'm not a big fan of. Files are now placed in /var/tmp (instead of on the desktop), which is just annoying to get to, and doesn't automatically share with the desktop on my Windows 10 virtual machine. That's annoying!


The replacement for me is Airtool by Adrian Granados. It's a lightweight application that runs in the status bar, offers packet capture in 2 clicks, and places a ".pcap" file on your desktop (!) when you are done.


Boom, that's it! Airtool is now my preferred packet capture tool on macOS. Be sure to grab a copy here, and don't forget to flow Adrian a donation for his hard work.